POP3 Service STLS Plaintext Command Injection
Medium Nessus Plugin ID 52610
Synopsis
The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.
Description
The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.
Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.
Solution
Contact the vendor to see if an update is available.
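
The buffering behaviour behind the flaw described above, as an added example that is not taken from the plugin or from any vendor's code. It is a constructed in-memory model (the Pop3Session class, the run helper and the sample input are assumptions) of a server that either keeps or discards bytes received in plaintext behind STLS.

```python
# Constructed model of a POP3 server's receive buffer around STLS.
# No sockets or TLS; the class and its names are assumptions for illustration.

class Pop3Session:
    def __init__(self, discard_on_stls):
        self.discard_on_stls = discard_on_stls
        self.buf = b""      # bytes read from the socket but not yet parsed
        self.tls = False    # True once the TLS handshake has completed
        self.log = []       # (phase, command) for every command executed

    def feed(self, data):
        """Append newly received bytes and execute every complete line."""
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace")
            self.log.append(("tls" if self.tls else "plain", cmd))
            if cmd.upper() == "STLS" and not self.tls:
                self._start_tls()

    def _start_tls(self):
        # Anything still buffered arrived before the handshake, so it was
        # never protected by TLS and may not come from the real client.
        if self.discard_on_stls:
            self.buf = b""
        self.tls = True     # the real handshake would run here


def run(discard_on_stls, segments):
    """Feed each received segment in order and return the execution log."""
    session = Pop3Session(discard_on_stls)
    for seg in segments:
        session.feed(seg)
    return session.log


# Constructed input: STLS with a harmless NOOP in the same plaintext segment.
PIPELINED = [b"STLS\r\nNOOP\r\n"]

if __name__ == "__main__":
    print("flawed  :", run(False, PIPELINED))
    print("hardened:", run(True, PIPELINED))
```

In the flawed mode the NOOP that arrived in plaintext is logged as executed in the "tls" phase; in the hardened mode it is dropped, and only commands received after the handshake run in that phase.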